Skip to main content
Skip table of contents

E-Ident operational information

​​​​​​All coming customer affected changes for E-Ident.

BankID on mobile was turned off September 1, 2024​​

T​ime: 1st September 2024

Information

​​ ​

BankID on mobile was turned off September 1, 2024. It is no longer be possible to use BankID on mobile.

Service maintenance for Finnish bank S-Pankki

T​ime period: 2024-04-17 23:00 - 2024-04-18 07​:00 EEST

Information

The Finnish bank S-Pankki has announced a service window for their identification services. During the service window, identifications with S-Pankki through the FTN service will be unavailable.

Service maintenance for Finnish bank OP

T​ime period: 2024-04-20 22:00 - 2024-04-21 07​:00 EEST

Information

​​The Finnish bank OP has announced a service window for their identification services. During the service window, identifications with OP​ through the FTN service may be unavailable in short periods.

​Service maintenance for Finnish bank Nordea

T​ime period: 2024-04-21 01:00 - 05​:30 EEST

Information

​​The Finnish bank Nordea has announced a service window for their identification services. During the service window, identifications with Nordea​ through the FTN service will be unavailable.

​​FAQ: Encrypted ID Token for FTN customers

Background

To be aligned with requirements to identity brokers from Traficom (Finnish Transport and Communications Agency), all FTN customers MUST use the OIDC protocol with encrypted ID Token in the communication with the FTN service. Below are links to documentation regarding both encrypted ID Tokens, and the OIDC protocol.

Documentation:

  • OIDC protocol

  • Encrypted ID Token

  • Code examples in the Get started guide and in the demo app

Frequently Asked Questions related to encrypted ID Token

Generate Public Key

Question 1: Is there any guide / example for us about how to generate and provide you with a public key?

Generation of an RSA public key should be done using your preferred encryption tool, and according to related documentation provided by said tool.

Here is an example on how you can generate a key-pair using the popular openssl command line tool:

openssl req -new -newkey rsa:2048 -keyout key.pem -pubkey -out pubreq.p10 -subj "/CN=MyKey"

The file key.pem will contain your password-protected private key that you must implement into your application. The file pubreq.p10 will contain both the public key and the CSR-request. The public key must be sent to us, and the CSR-request you can ignore.

Public Key Format

Question 2: In what format do you need encryption keys?

The public key must be provided for us in PEM format, as a JWK or as URL link to a JWKS on web.

Below is an example of a public key in PEM-format (base64-encoded ASN.1 binary):

-----BEGIN PUBLIC KEY-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32frjzf3sUdKfHrwKWw5

6Kj1YXdQcQ+2BX4L5ZYFx1QztRcrQiz57yOtBBIsNCLmbLC0Gu+2dlKG4/FJVBcR

IOgXD+LQW2IUnV0AFR2N8EVlbilQvkKSA0FAAb+0D+v8Y6xcjlu5QJOLtOEY09cA

G3CseylRvNwnBJYwoainl7BEPAWjAAZ4FQV1PYrVFG7+YeyE33DH0FXG4VWOCvvC

b537PZwbisTkXfDslJZg+v+KTyPCQUt7ZUwKJ3b+WoxdEhKOaI3Dt/A/N3oQhZrX

+miH7MclhmOzNhayYCghyUks7CdPgy1fdRvhziFkwJ3chh3jhkJ4KEBnj0uVCrfS

XwIDAQAB

-----END PUBLIC KEY-----

Below is the same public key as above, but now formatted as a JWK (JSON Web Key):

{

  "kty": "RSA",

  "n": "32frjzf3sUdKfHrwKWw56Kj1YXdQcQ-2BX4L5ZYFx1QztRcrQiz57yOtBBIsNCLmbLC0Gu-2dlKG4_FJVBcRIOgXD-LQW2IUnV0AFR2N8EVlbilQvkKSA0FAAb-0D-v8Y6xcjlu5QJOLtOEY09cAG3CseylRvNwnBJYwoainl7BEPAWjAAZ4FQV1PYrVFG7-YeyE33DH0FXG4VWOCvvCb537PZwbisTkXfDslJZg-v-KTyPCQUt7ZUwKJ3b-WoxdEhKOaI3Dt_A_N3oQhZrX-miH7MclhmOzNhayYCghyUks7CdPgy1fdRvhziFkwJ3chh3jhkJ4KEBnj0uVCrfSXw",

  "e": "AQAB"

}

A public key may also be added to a JWKS (JSON Web Key Set) on a publicly available web site. In this case, you must send us the URL, and we will register and use the URL to retrieve the public key. The advantage of publishing the key on your own web, is the fact that you may later update the key on your side, without involving us.

Key for test and prod

Question 3: Can we have a separate key for test and production?

Yes, we recommend that you create separate key-pairs for customer test and production.

ABOUT N

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.